6.9
CVE-2025-3668 - TOTOLINK A3700R cstecgi.cgi setScheduleCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been declared as critical. This vulnerability affects the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has be…
6.9
CVE-2025-3667 - TOTOLINK A3700R cstecgi.cgi setUPnPCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been dis…
6.9
CVE-2025-3666 - TOTOLINK A3700R cstecgi.cgi setDdnsCfg access control
A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this issue is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed …
9.8
CVE-2025-3495 - COMMGR - Insufficient Randomization Authentication Bypass
Delta Electronics COMMGR v1 and v2 uses insufficiently randomized values to generate session IDs (CWE-338). An attacker could easily brute force a session ID and load and execute arbitrary code.
6.9
CVE-2025-3665 - TOTOLINK A3700R cstecgi.cgi setSmartQosCfg access control
A vulnerability has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513 and classified as critical. Affected by this vulnerability is the function setSmartQosCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit ha…
6.9
CVE-2025-3664 - TOTOLINK A3700R cstecgi.cgi setWiFiEasyGuestCfg access control
A vulnerability, which was classified as critical, was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. Affected is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has bee…
6.9
CVE-2025-3663 - TOTOLINK A3700R Password cstecgi.cgi setWiFiEasyGuestCfg access control
A vulnerability, which was classified as critical, has been found in TOTOLINK A3700R 9.1.2u.5822_B20200513. This issue affects the function setWiFiEasyCfg/setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component Password Handler. The manipulation leads to improper access controls. The …
7.5
CVE-2025-3698 -
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
6.1
CVE-2024-13452 - Contact Form by Supsystic <= 1.7.29 - Cross-Site Request Forgery to Stored Cross-Site Scripting via…
The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.29. This is due to missing or incorrect nonce validation on a saveAsCopy function. This makes it possible for unauthenticated attackers to update settings and inj…
6.4
CVE-2025-2314 - User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.13.…
The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.13.5 due to insufficient input sanitization and output escaping on use…